Skip to main content
CVE-2024-8956 CRITICAL POC KEV THREAT Act Now

PTZOptics PT30X-SDI/NDI-xx before firmware 6.3.40 is vulnerable to an insufficient authentication issue. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Information Disclosure Pt30X Sdi Firmware Pt30X Ndi Xx G2 Firmware
NVD
CVSS 3.1
9.1
EPSS
60.9%
CVE-2024-44148 CRITICAL Act Now

This issue was addressed with improved validation of file attributes. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Apple Information Disclosure macOS
NVD
CVSS 3.1
10.0
EPSS
0.7%
CVE-2024-44146 CRITICAL Act Now

A logic issue was addressed with improved file handling. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Apple Information Disclosure macOS
NVD
CVSS 3.1
10.0
EPSS
0.7%
CVE-2024-45798 CRITICAL Act Now

arduino-esp32 is an Arduino core for the ESP32, ESP32-S2, ESP32-S3, ESP32-C3, ESP32-C6 and ESP32-H2 microcontrollers. Rated critical severity (CVSS 9.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Code Injection
NVD GitHub
CVSS 3.1
9.9
EPSS
0.8%
CVE-2024-8767 CRITICAL Act Now

Sensitive data disclosure and manipulation due to unnecessary privileges assignment. Rated critical severity (CVSS 9.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation Information Disclosure
NVD
CVSS 3.0
9.9
EPSS
0.5%
CVE-2024-45496 CRITICAL PATCH Act Now

A flaw was found in OpenShift. Rated critical severity (CVSS 9.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation
NVD
CVSS 3.1
9.9
EPSS
0.9%
CVE-2024-38183 CRITICAL PATCH Act Now

An improper access control vulnerability in GroupMe allows an a unauthenticated attacker to elevate privileges over a network. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Server-Side Request Forgery (SSRF) vulnerability could allow attackers to make the server perform requests to unintended internal or external resources.

SSRF Groupme
NVD
CVSS 3.1
9.8
EPSS
0.8%
CVE-2024-45682 CRITICAL Act Now

There is a command injection vulnerability that may allow an attacker to inject malicious input on the device's operating system. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Command Injection Proroute H685T W Firmware
NVD
CVSS 3.1
9.8
EPSS
2.0%
CVE-2024-38813 CRITICAL KEV THREAT Act Now

The vCenter Server contains a privilege escalation vulnerability. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Privilege Escalation VMware Cloud Foundation Vcenter Server
NVD
CVSS 3.1
9.8
EPSS
16.7%
CVE-2024-38812 CRITICAL KEV THREAT Act Now

The vCenter Server contains a heap-overflow vulnerability in the implementation of the DCERPC protocol. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Heap Overflow Buffer Overflow VMware RCE Cloud Foundation +1
NVD
CVSS 3.1
9.8
EPSS
54.1%
CVE-2024-7873 CRITICAL Act Now

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting'), Improper Encoding or Escaping of Output, CWE - 83 Improper Neutralization of Script in Attributes in a Web. Rated critical severity (CVSS 9.4), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS
NVD VulDB
CVSS 4.0
9.4
EPSS
0.2%
CVE-2024-43978 CRITICAL Act Now

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in highwarden Super Store Finder superstorefinder-wp.9.8. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi
NVD VulDB
CVSS 3.1
9.3
EPSS
0.7%
CVE-2024-43976 CRITICAL Act Now

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in highwarden Super Store Finder superstorefinder-wp.9.7. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi
NVD VulDB
CVSS 3.1
9.3
EPSS
0.5%
CVE-2024-44004 CRITICAL Act Now

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Arni Cinco WPCargo Track & Trace wpcargo allows SQL Injection.0.2. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi
NVD VulDB
CVSS 3.1
9.3
EPSS
0.4%
CVE-2024-7387 CRITICAL Act Now

A flaw was found in openshift/builder. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Command Injection Privilege Escalation Path Traversal Docker
NVD GitHub
CVSS 3.1
9.1
EPSS
0.8%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy